If we don't want to verify the SSL certs then don't use them.

Roland Hedberg · Roland Hedberg · commit 846f26f0e951 · 2013-06-26T08:25:17.000+02:00
diff --git a/src/saml2/httpbase.py b/src/saml2/httpbase.py
@@ -87,10 +87,11 @@ def __init__(self, verify=True, ca_bundle=None, key_file=None,
         self.cookiejar = cookielib.CookieJar()
 
         self.request_args["verify"] = verify
-        if ca_bundle:
-            self.request_args["verify"] = ca_bundle
-        if key_file:
-            self.request_args["cert"] = (cert_file, key_file)
+        if verify:
+            if ca_bundle:
+                self.request_args["verify"] = ca_bundle
+            if key_file:
+                self.request_args["cert"] = (cert_file, key_file)
         
         self.sec = None
         self.user = None
